[Touch-packages] [Bug 1950201] Re: Gnugpg does not offer the option to store the private and public keys on two different keycards.
** Description changed: Gnugpg does not offer the option to store the private and public keys on two different keycards. I have followed the official yubikey guide as follows, ( found here : https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP ) - but it might apply to similar smart cards and USB tokens: + but it might apply to similar smart cards and USB tokens: To import the key on your YubiKey: Insert the YubiKey into the USB port if it is not already plugged in. Enter the GPG command: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key) Enter the command: keytocard When prompted if you really want to move your primary key, enter y (yes). When prompted where to store the key, select 1. This will move the signature subkey to the PGP signature slot of the YubiKey. Enter the command: key 1 Enter the command: keytocard When prompted where to store the key, select 2. This will move the encryption subkey to the YubiKey. Enter the command: key 1 Enter the command: key 2 Enter the command: keytocard When prompted where to store the key, select 3. This will move the authentication subkey to the YubiKey. Enter the command: quit When prompted to save your changes, enter y (yes). You have now saved your keyring to your YubiKey. The issue with that is that it permanently moves the secret keys to the yubikey or similar, and that causes issues later if one wants to create backup keys. If one saves the changes and tries to make a separate identical key card at a later date, one gets the "gpg: KEYTOCARD failed: Unusable secret key." error. I have read that if one presses control and c ( on Linux ) it after the last keytocard and option 3, the secret keys will not be deleted from the computer, only copied. One then can start forward again at this step: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key). Another possible but tedious workaround is to backup the secret keys and public keys, and import those back into gpg, then move they keys to a physical backup key. ( Note: Key 0 is the primary signature subkey. Key 1is the encryption subkey. key 2 is the authentication subkey .) Ideally, there should be a option in the gpg menu about this, that asks about permanently moving the keys. A nice addition would be: Do you want to make a separate identical key card? + + A additional problem is that even if you manage to create two yubikeys + with the same card then you still cant use them both on the same + computer as a replacement for eachother. + + GnuPG will remeber the card id when it moves te key and will only accept + the same card/yubikey again in the future. + + Workaround is to delete your gnupg home folder and import clean public + keys that have no info which yubikey has the private keys, in that case + gnupg can figure out that it can actually use the other yubikey. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1950201 Title: Gnugpg does not offer the option to store the private and public keys on two different keycards. Status in gnupg package in Ubuntu: New Bug description: Gnugpg does not offer the option to store the private and public keys on two different keycards. I have followed the official yubikey guide as follows, ( found here : https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP ) but it might apply to similar smart cards and USB tokens: To import the key on your YubiKey: Insert the YubiKey into the USB port if it is not already plugged in. Enter the GPG command: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key) Enter the command: keytocard When prompted if you really want to move your primary key, enter y (yes). When prompted where to store the key, select 1. This will move the signature subkey to the PGP signature slot of the YubiKey. Enter the command: key 1 Enter the command: keytocard When prompted where to store the key, select 2. This will move the encryption subkey to the YubiKey. Enter the command: key 1 Enter the command: key 2 Enter the command: keytocard When prompted where to store the key, select 3. This will move the authentication subkey to the YubiKey. Enter the command: quit When prompted to save your changes, enter y (yes). You have now saved your keyring to your YubiKey. The issue with that is that it permanently moves the secret keys to the yubikey or similar, and that causes issues later if one wants to create backup keys. If one saves the changes and tries to make a separate identical key
[Touch-packages] [Bug 1950201] Re: Gnugpg does not offer the option to store the private and public keys on two different keycards.
Seth Arnold (seth-arnold) Yes, but one still have to do the control+c, as that is less tedious. quote " Ideally, there should be a option in the gpg menu about this, that asks about permanently moving the keys. A nice addition would be something like: Do you want to make a separate identical key card? ( Y/N) And a warning about the permament moving of the keys. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1950201 Title: Gnugpg does not offer the option to store the private and public keys on two different keycards. Status in gnupg package in Ubuntu: New Bug description: Gnugpg does not offer the option to store the private and public keys on two different keycards. I have followed the official yubikey guide as follows, ( found here : https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP ) but it might apply to similar smart cards and USB tokens: To import the key on your YubiKey: Insert the YubiKey into the USB port if it is not already plugged in. Enter the GPG command: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key) Enter the command: keytocard When prompted if you really want to move your primary key, enter y (yes). When prompted where to store the key, select 1. This will move the signature subkey to the PGP signature slot of the YubiKey. Enter the command: key 1 Enter the command: keytocard When prompted where to store the key, select 2. This will move the encryption subkey to the YubiKey. Enter the command: key 1 Enter the command: key 2 Enter the command: keytocard When prompted where to store the key, select 3. This will move the authentication subkey to the YubiKey. Enter the command: quit When prompted to save your changes, enter y (yes). You have now saved your keyring to your YubiKey. The issue with that is that it permanently moves the secret keys to the yubikey or similar, and that causes issues later if one wants to create backup keys. If one saves the changes and tries to make a separate identical key card at a later date, one gets the "gpg: KEYTOCARD failed: Unusable secret key." error. I have read that if one presses control and c ( on Linux ) it after the last keytocard and option 3, the secret keys will not be deleted from the computer, only copied. One then can start forward again at this step: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key). Another possible but tedious workaround is to backup the secret keys and public keys, and import those back into gpg, then move they keys to a physical backup key. ( Note: Key 0 is the primary signature subkey. Key 1is the encryption subkey. key 2 is the authentication subkey .) Ideally, there should be a option in the gpg menu about this, that asks about permanently moving the keys. A nice addition would be: Do you want to make a separate identical key card? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1950201/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1950201] Re: Gnugpg does not offer the option to store the private and public keys on two different keycards.
** Description changed: Gnugpg does not offer the option to store the private and public keys on two different keycards. - I have followed the official yubikey guide as follows, but it might - apply to similar smart cards and USB tokens: + I have followed the official yubikey guide as follows, + ( found here : https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP ) + but it might apply to similar smart cards and USB tokens: To import the key on your YubiKey: Insert the YubiKey into the USB port if it is not already plugged in. Enter the GPG command: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key) Enter the command: keytocard When prompted if you really want to move your primary key, enter y (yes). When prompted where to store the key, select 1. This will move the signature subkey to the PGP signature slot of the YubiKey. Enter the command: key 1 Enter the command: keytocard When prompted where to store the key, select 2. This will move the encryption subkey to the YubiKey. Enter the command: key 1 Enter the command: key 2 Enter the command: keytocard When prompted where to store the key, select 3. This will move the authentication subkey to the YubiKey. Enter the command: quit When prompted to save your changes, enter y (yes). You have now saved your keyring to your YubiKey. The issue with that is that it permanently moves the secret keys to the yubikey or similar, and that causes issues later if one wants to create backup keys. If one saves the changes and tries to make a separate identical key card at a later date, one gets the "gpg: KEYTOCARD failed: Unusable secret key." error. I have read that if one presses control and c ( on Linux ) it after the last keytocard and option 3, the secret keys will not be deleted from the computer, only copied. One then can start forward again at this step: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key). Another possible but tedious workaround is to backup the secret keys and public keys, and import those back into gpg, then move they keys to a physical backup key. ( Note: Key 0 is the primary signature subkey. Key 1is the encryption subkey. key 2 is the authentication subkey .) - - Ideally, there should be a option in the gpg menu about this, that asks about permanently moving the keys. + Ideally, there should be a option in the gpg menu about this, that asks + about permanently moving the keys. A nice addition would be: Do you want to make a separate identical key card? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1950201 Title: Gnugpg does not offer the option to store the private and public keys on two different keycards. Status in gnupg package in Ubuntu: New Bug description: Gnugpg does not offer the option to store the private and public keys on two different keycards. I have followed the official yubikey guide as follows, ( found here : https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP ) but it might apply to similar smart cards and USB tokens: To import the key on your YubiKey: Insert the YubiKey into the USB port if it is not already plugged in. Enter the GPG command: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key) Enter the command: keytocard When prompted if you really want to move your primary key, enter y (yes). When prompted where to store the key, select 1. This will move the signature subkey to the PGP signature slot of the YubiKey. Enter the command: key 1 Enter the command: keytocard When prompted where to store the key, select 2. This will move the encryption subkey to the YubiKey. Enter the command: key 1 Enter the command: key 2 Enter the command: keytocard When prompted where to store the key, select 3. This will move the authentication subkey to the YubiKey. Enter the command: quit When prompted to save your changes, enter y (yes). You have now saved your keyring to your YubiKey. The issue with that is that it permanently moves the secret keys to the yubikey or similar, and that causes issues later if one wants to create backup keys. If one saves the changes and tries to make a separate identical key card at a later date, one gets the "gpg: KEYTOCARD failed: Unusable secret key." error. I have read that if one presses control and c ( on Linux ) it after the last keytocard and option 3, the secret keys will not be deleted from the computer, only copied. One then can start forward again at this step: gpg --edit-key 1234ABC (where 1234ABC is the
[Touch-packages] [Bug 1950201] Re: Gnugpg does not offer the option to store the private and public keys on two different keycards.
This guide describes how to make a copy of gnupg files in order to create a duplicate card: https://zach.codes/ultimate-yubikey-setup-guide/ It would be nice if such a guide weren't necessary. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1950201 Title: Gnugpg does not offer the option to store the private and public keys on two different keycards. Status in gnupg package in Ubuntu: New Bug description: Gnugpg does not offer the option to store the private and public keys on two different keycards. I have followed the official yubikey guide as follows, but it might apply to similar smart cards and USB tokens: To import the key on your YubiKey: Insert the YubiKey into the USB port if it is not already plugged in. Enter the GPG command: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key) Enter the command: keytocard When prompted if you really want to move your primary key, enter y (yes). When prompted where to store the key, select 1. This will move the signature subkey to the PGP signature slot of the YubiKey. Enter the command: key 1 Enter the command: keytocard When prompted where to store the key, select 2. This will move the encryption subkey to the YubiKey. Enter the command: key 1 Enter the command: key 2 Enter the command: keytocard When prompted where to store the key, select 3. This will move the authentication subkey to the YubiKey. Enter the command: quit When prompted to save your changes, enter y (yes). You have now saved your keyring to your YubiKey. The issue with that is that it permanently moves the secret keys to the yubikey or similar, and that causes issues later if one wants to create backup keys. If one saves the changes and tries to make a separate identical key card at a later date, one gets the "gpg: KEYTOCARD failed: Unusable secret key." error. I have read that if one presses control and c ( on Linux ) it after the last keytocard and option 3, the secret keys will not be deleted from the computer, only copied. One then can start forward again at this step: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key). Another possible but tedious workaround is to backup the secret keys and public keys, and import those back into gpg, then move they keys to a physical backup key. ( Note: Key 0 is the primary signature subkey. Key 1is the encryption subkey. key 2 is the authentication subkey .) Ideally, there should be a option in the gpg menu about this, that asks about permanently moving the keys. A nice addition would be: Do you want to make a separate identical key card? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1950201/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1950201] Re: Gnugpg does not offer the option to store the private and public keys on two different keycards.
** Description changed: - Gnugpg does not offer the option to store the private and public keys - on two different keycards. + Gnugpg does not offer the option to store the private and public keys on + two different keycards. I have followed the official yubikey guide as follows, but it might apply to similar smart cards and USB tokens: To import the key on your YubiKey: - Insert the YubiKey into the USB port if it is not already plugged + Insert the YubiKey into the USB port if it is not already plugged in. - Enter the GPG command: gpg --edit-key 1234ABC (where 1234ABC is the + Enter the GPG command: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key) - Enter the command: keytocard + Enter the command: keytocard - When prompted if you really want to move your primary key, enter y + When prompted if you really want to move your primary key, enter y (yes). - When prompted where to store the key, select 1. This will move the + When prompted where to store the key, select 1. This will move the signature subkey to the PGP signature slot of the YubiKey. - Enter the command: key 1 - Enter the command: keytocard + Enter the command: key 1 + Enter the command: keytocard - When prompted where to store the key, select 2. This will move the + When prompted where to store the key, select 2. This will move the encryption subkey to the YubiKey. - Enter the command: key 1 + Enter the command: key 1 - Enter the command: key 2 + Enter the command: key 2 - Enter the command: keytocard + Enter the command: keytocard - When prompted where to store the key, select 3. This will move the + When prompted where to store the key, select 3. This will move the authentication subkey to the YubiKey. - - Enter the command: quit - When prompted to save your changes, enter y (yes). You have now saved your keyring to your YubiKey. + Enter the command: quit + When prompted to save your changes, enter y (yes). You have now saved your keyring to your YubiKey. The issue with that is that it permanently moves the secret keys to the yubikey or similar, and that causes issues later if one wants to create backup keys. If one saves the changes and tries to make a separate identical key card at a later date, one gets the "gpg: KEYTOCARD failed: Unusable secret key." error. I have read that if one presses control and c ( on Linux ) it after the last keytocard and option 3, the secret keys will not be deleted from the computer, only copied. One then can start forward again at this step: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key). Another possible but tedious workaround is to backup the secret keys and public keys, and import those back into gpg, then move they keys to a physical backup key. ( Note: Key 0 is the primary signature subkey. Key 1is the encryption subkey. key 2 is the authentication subkey .) + + + Ideally, there should be a option in the gpg menu about this, that asks about permanently moving the keys. + + A nice addition would be: + + Do you want to make a separate identical key card? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1950201 Title: Gnugpg does not offer the option to store the private and public keys on two different keycards. Status in gnupg package in Ubuntu: New Bug description: Gnugpg does not offer the option to store the private and public keys on two different keycards. I have followed the official yubikey guide as follows, but it might apply to similar smart cards and USB tokens: To import the key on your YubiKey: Insert the YubiKey into the USB port if it is not already plugged in. Enter the GPG command: gpg --edit-key 1234ABC (where 1234ABC is the key ID of your key) Enter the command: keytocard When prompted if you really want to move your primary key, enter y (yes). When prompted where to store the key, select 1. This will move the signature subkey to the PGP signature slot of the YubiKey. Enter the command: key 1 Enter the command: keytocard When prompted where to store the key, select 2. This will move the encryption subkey to the YubiKey. Enter the command: key 1 Enter the command: key 2 Enter the command: keytocard When prompted where to store the key, select 3. This will move the authentication subkey to the YubiKey. Enter the command: quit When prompted to save your changes, enter y (yes). You have now saved your keyring to your YubiKey. The issue with that is that it permanently moves the secret keys to the yubikey or similar, and that causes issues later if one wants to create backup keys. If
